Noted iOS security researcher and hacker Luca Todesco has just
released a WebKit-based loader for the Pangu 9.3.3 jailbreak. This
impressive browser exploit is reminiscent of the original JailbreakMe exploits on iOS 1 and iOS 4, after which it is named.

Whilst this development is testament to Todesco’s hacking skills and has alleviated one major problem with the current 9.3.3 jailbreak:
its reliance on developer certificates for the loader app, there is
bound to be some confusion over what this tool actually does, and what
it means for the jailbreak community. This post aims to bring some
clarity to the topic.

It can:

Work without the certificate restrictions which have until now been a downside of this jailbreak.

Work without an app, directly from your browser.

It cannot:

Jailbreak devices on firmwares not supported by the Pangu jailbreak.

Install Cydia (which means it is not a suitable replacement for the
initial Pangu jailbreak program, only for the re-activation payload).

Work on any 32-bit device (iPhone 5 or older).

Make your jailbreak permanently untethered.

In summary, this exploit is at present a straight replacement for the
Pangu re-jailbreaking apps on iOS 9.3.x. It is however a remarkable
achievement given that it works via a webpage in mobile Safari,
traditionally a difficult place from which to mount an exploit.

One last point to note for those hoping for a fully untethered 9.3.3 jailbreak is that Todesco has commented
that an untether for this exploit is not out of the question. However,
it is unclear at the moment whether he intends to work on this.

Noted iOS security researcher and hacker Luca Todesco has just
released a WebKit-based loader for the Pangu 9.3.3 jailbreak. This
impressive browser exploit is reminiscent of the original JailbreakMe exploits on iOS 1 and iOS 4, after which it is named.

Whilst this development is testament to Todesco’s hacking skills and has alleviated one major problem with the current 9.3.3 jailbreak:
its reliance on developer certificates for the loader app, there is
bound to be some confusion over what this tool actually does, and what
it means for the jailbreak community. This post aims to bring some
clarity to the topic.

It can:

Work without the certificate restrictions which have until now been a downside of this jailbreak.

Work without an app, directly from your browser.

It cannot:

Jailbreak devices on firmwares not supported by the Pangu jailbreak.

Install Cydia (which means it is not a suitable replacement for the
initial Pangu jailbreak program, only for the re-activation payload).

Work on any 32-bit device (iPhone 5 or older).

Make your jailbreak permanently untethered.

In summary, this exploit is at present a straight replacement for the
Pangu re-jailbreaking apps on iOS 9.3.x. It is however a remarkable
achievement given that it works via a webpage in mobile Safari,
traditionally a difficult place from which to mount an exploit.

One last point to note for those hoping for a fully untethered 9.3.3 jailbreak is that Todesco has commented
that an untether for this exploit is not out of the question. However,
it is unclear at the moment whether he intends to work on this.